Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-24689

Summary
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At-27 Feb, 2026 | 00:47
Updated At-27 Feb, 2026 | 00:47
Rejected At-
Credits

Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update apply action.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:icscert
Assigner Org ID:7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At:27 Feb, 2026 | 00:47
Updated At:27 Feb, 2026 | 00:47
Rejected At:
▼CVE Numbering Authority (CNA)
Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update apply action.

Affected Products
Vendor
Copeland
Product
Copeland XWEB 300D PRO
Default Status
unaffected
Versions
Affected
  • From 0 through 1.12.1 (custom)
Vendor
Copeland
Product
Copeland XWEB 500D PRO
Default Status
unaffected
Versions
Affected
  • From 0 through 1.12.1 (custom)
Vendor
Copeland
Product
Copeland XWEB 500B PRO
Default Status
unaffected
Versions
Affected
  • From 0 through 1.12.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-78CWE-78
Type: CWE
CWE ID: CWE-78
Description: CWE-78
Metrics
VersionBase scoreBase severityVector
3.18.0HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Copeland has provided a fix for the vulnerabilities and recommends users update the XWEB Pro to the latest version by going to their software update page https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate in the sections dedicated to the different XWEBPRO models page.

Alternatively, a user logged into an XWEB Pro with internet access can update XWEB Pro directly from Copeland servers via the menu SYSTEM -- Updates | Network.

Configurations
Workarounds
Exploits
Credits
finder
Amir Zaltzman and Noam Moshe of Claroty Team82 reported this vulnerability to CISA.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate
N/A
https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10
N/A
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json
N/A
Hyperlink: https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate
Resource: N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10
Resource: N/A
Hyperlink: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json
Resource: N/A
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ics-cert@hq.dhs.gov
Published At:27 Feb, 2026 | 01:16
Updated At:27 Feb, 2026 | 14:06

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update apply action.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.0HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-78Primaryics-cert@hq.dhs.gov
CWE ID: CWE-78
Type: Primary
Source: ics-cert@hq.dhs.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.jsonics-cert@hq.dhs.gov
N/A
https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdateics-cert@hq.dhs.gov
N/A
https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10ics-cert@hq.dhs.gov
N/A
Hyperlink: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-057-10.json
Source: ics-cert@hq.dhs.gov
Resource: N/A
Hyperlink: https://webapps.copeland.com/Dixell/Pages/SystemSoftwareUpdate
Source: ics-cert@hq.dhs.gov
Resource: N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-26-057-10
Source: ics-cert@hq.dhs.gov
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

25Records found
CVE-2026-25111
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8||HIGH
EPSS-0.22% / 44.56%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 00:40
Updated-27 Feb, 2026 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the restore route.

Action-Not Available
Vendor-Copeland
Product-Copeland XWEB 300D PROCopeland XWEB 500D PROCopeland XWEB 500B PRO
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-24452
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8||HIGH
EPSS-0.22% / 44.56%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 00:53
Updated-27 Feb, 2026 | 23:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted template file to the devices route.

Action-Not Available
Vendor-copelandCopeland
Product-xweb_500d_proxweb_300d_proxweb_500b_proxweb_500d_pro_firmwarexweb_300d_pro_firmwarexweb_500b_pro_firmwareCopeland XWEB 300D PROCopeland XWEB 500D PROCopeland XWEB 500B PRO
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-3037
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8||HIGH
EPSS-0.22% / 44.56%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 01:06
Updated-28 Feb, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed during system setup, leading to remote code execution.

Action-Not Available
Vendor-copelandCopeland
Product-xweb_500d_proxweb_300d_proxweb_500b_proxweb_500d_pro_firmwarexweb_300d_pro_firmwarexweb_500b_pro_firmwareCopeland XWEB 300D PROCopeland XWEB 500D PROCopeland XWEB 500B PRO
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-25109
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8||HIGH
EPSS-0.22% / 44.56%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 00:48
Updated-27 Feb, 2026 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field when accessing the get setup route, leading to remote code execution.

Action-Not Available
Vendor-Copeland
Product-Copeland XWEB 300D PROCopeland XWEB 500D PROCopeland XWEB 500B PRO
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-24695
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8||HIGH
EPSS-0.22% / 44.56%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 00:51
Updated-27 Feb, 2026 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into OpenSSL argument fields within requests sent to the utility route, leading to remote code execution.

Action-Not Available
Vendor-Copeland
Product-Copeland XWEB 300D PROCopeland XWEB 500D PROCopeland XWEB 500B PRO
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-24517
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8||HIGH
EPSS-0.22% / 44.56%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 00:43
Updated-27 Feb, 2026 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the firmware update route.

Action-Not Available
Vendor-Copeland
Product-Copeland XWEB 300D PROCopeland XWEB 500D PROCopeland XWEB 500B PRO
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-25196
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8||HIGH
EPSS-0.22% / 44.56%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 00:58
Updated-27 Feb, 2026 | 23:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is processed.

Action-Not Available
Vendor-copelandCopeland
Product-xweb_500d_proxweb_300d_proxweb_500b_proxweb_500d_pro_firmwarexweb_300d_pro_firmwarexweb_500b_pro_firmwareCopeland XWEB 300D PROCopeland XWEB 500D PROCopeland XWEB 500B PRO
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-25195
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8||HIGH
EPSS-0.22% / 44.56%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 00:45
Updated-27 Feb, 2026 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted firmware update file via the firmware update route.

Action-Not Available
Vendor-Copeland
Product-Copeland XWEB 300D PROCopeland XWEB 500D PROCopeland XWEB 500B PRO
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-25721
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8||HIGH
EPSS-0.22% / 44.56%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 00:55
Updated-27 Feb, 2026 | 23:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the server username and/or password fields of the restore action in the API V1 route.

Action-Not Available
Vendor-copelandCopeland
Product-xweb_500d_proxweb_300d_proxweb_500b_proxweb_500d_pro_firmwarexweb_300d_pro_firmwarexweb_500b_pro_firmwareCopeland XWEB 300D PROCopeland XWEB 500D PROCopeland XWEB 500B PRO
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-25037
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8||HIGH
EPSS-0.22% / 44.56%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 00:59
Updated-27 Feb, 2026 | 23:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by configuring a maliciously crafted LCD state which is later processed during system setup, enabling remote code execution.

Action-Not Available
Vendor-copelandCopeland
Product-xweb_500d_proxweb_300d_proxweb_500b_proxweb_500d_pro_firmwarexweb_300d_pro_firmwarexweb_500b_pro_firmwareCopeland XWEB 300D PROCopeland XWEB 500D PROCopeland XWEB 500B PRO
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-25105
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8||HIGH
EPSS-0.22% / 44.56%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 00:52
Updated-27 Feb, 2026 | 23:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route.

Action-Not Available
Vendor-copelandCopeland
Product-xweb_500d_proxweb_300d_proxweb_500b_proxweb_500d_pro_firmwarexweb_300d_pro_firmwarexweb_500b_pro_firmwareCopeland XWEB 300D PROCopeland XWEB 500D PROCopeland XWEB 500B PRO
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-23702
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8||HIGH
EPSS-0.22% / 44.56%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 00:54
Updated-27 Feb, 2026 | 23:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by sending malicious input injected into the server username field of the import preconfiguration action in the API V1 route.

Action-Not Available
Vendor-copelandCopeland
Product-xweb_500d_proxweb_300d_proxweb_500b_proxweb_500d_pro_firmwarexweb_300d_pro_firmwarexweb_500b_pro_firmwareCopeland XWEB 300D PROCopeland XWEB 500D PROCopeland XWEB 500B PRO
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-20910
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8||HIGH
EPSS-0.22% / 44.56%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 00:46
Updated-27 Feb, 2026 | 23:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update update action to achieve remote code execution.

Action-Not Available
Vendor-copelandCopeland
Product-xweb_500d_proxweb_300d_proxweb_500b_proxweb_500d_pro_firmwarexweb_300d_pro_firmwarexweb_500b_pro_firmwareCopeland XWEB 300D PROCopeland XWEB 500D PROCopeland XWEB 500B PRO
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-20764
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8||HIGH
EPSS-0.22% / 44.56%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 00:56
Updated-27 Feb, 2026 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by providing malicious input via the device hostname configuration which is later processed during system setup, resulting in remote code execution.

Action-Not Available
Vendor-copelandCopeland
Product-xweb_500d_proxweb_300d_proxweb_500b_proxweb_500d_pro_firmwarexweb_300d_pro_firmwarexweb_500b_pro_firmwareCopeland XWEB 300D PROCopeland XWEB 500D PROCopeland XWEB 500B PRO
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-20902
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8||HIGH
EPSS-0.22% / 44.56%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 00:49
Updated-27 Feb, 2026 | 23:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the map filename field during the map upload action of the parameters route.

Action-Not Available
Vendor-copelandCopeland
Product-xweb_500d_proxweb_300d_proxweb_500b_proxweb_500d_pro_firmwarexweb_300d_pro_firmwarexweb_500b_pro_firmwareCopeland XWEB 300D PROCopeland XWEB 500D PROCopeland XWEB 500B PRO
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-20742
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8||HIGH
EPSS-0.22% / 44.56%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 00:42
Updated-27 Feb, 2026 | 23:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the templates route.

Action-Not Available
Vendor-copelandCopeland
Product-xweb_500d_proxweb_300d_proxweb_500b_proxweb_500d_pro_firmwarexweb_300d_pro_firmwarexweb_500b_pro_firmwareCopeland XWEB 300D PROCopeland XWEB 500D PROCopeland XWEB 500B PRO
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-21389
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-10
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8||HIGH
EPSS-0.22% / 44.56%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 00:38
Updated-27 Feb, 2026 | 23:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the request body sent to the contacts import route.

Action-Not Available
Vendor-copelandCopeland
Product-xweb_500d_proxweb_300d_proxweb_500b_proxweb_500d_pro_firmwarexweb_300d_pro_firmwarexweb_500b_pro_firmwareCopeland XWEB 300D PROCopeland XWEB 500D PROCopeland XWEB 500B PRO
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-24663
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-6
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9||CRITICAL
EPSS-1.35% / 79.90%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 00:36
Updated-27 Feb, 2026 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an unauthenticated attacker to achieve remote code execution on the system by sending a crafted request to the libraries installation route and injecting malicious input into the request body.

Action-Not Available
Vendor-Copeland
Product-Copeland XWEB 300D PROCopeland XWEB 500D PROCopeland XWEB 500B PRO
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-14894
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8||HIGH
EPSS-2.48% / 85.03%
||
7 Day CHG~0.00%
Published-22 Jun, 2020 | 17:53
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms server as root.

Action-Not Available
Vendor-[UNKNOWN]Red Hat, Inc.
Product-cloudforms_management_engineCloudForms
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-3874
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8||HIGH
EPSS-0.18% / 39.26%
||
7 Day CHG~0.00%
Published-22 Sep, 2023 | 13:56
Updated-24 Sep, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Os command injection via ct_command and fcct_command

A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system.

Action-Not Available
Vendor-n/aRed Hat, Inc.The Foreman
Product-satelliteforemanRed Hat Satellite 6foreman
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-24129
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.07% / 20.71%
||
7 Day CHG+0.01%
Published-22 Jan, 2026 | 22:41
Updated-26 Feb, 2026 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Runtipi is Vulnerable to Authenticated Arbitrary Remote Code Execution

Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManager fails to sanitize the filenames of uploaded backups. The system persists user-uploaded files directly to the host filesystem using the raw originalname provided in the request. This allows an attacker to stage a file containing shell metacharacters (e.g., $(id).tar.gz) at a predictable path, which is later referenced during the restore process. The successful storage of the file is what allows the subsequent restore command to reference and execute it. This issue has been fixed in version 4.7.0.

Action-Not Available
Vendor-runtipiruntipi
Product-runtipiruntipi
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-59518
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.08% / 23.84%
||
7 Day CHG+0.01%
Published-17 Sep, 2025 | 00:00
Updated-17 Sep, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail. It does not Localize _ during rule evaluation. Thus, an administrator who can edit a rule evaluated by the Safe jail can execute commands on the server.

Action-Not Available
Vendor-lemonldap-ng
Product-LemonLDAP::NG
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-58763
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.1||HIGH
EPSS-0.37% / 58.46%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 20:13
Updated-18 Sep, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tautulli vulnerable to Authenticated Remote Code Execution via Command Injection

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. A command injection vulnerability in Tautulli v2.15.3 and prior allows attackers with administrative privileges to obtain remote code execution on the application server. This vulnerability requires the application to have been cloned from GitHub and installed manually. When Tautulli is cloned directly from GitHub and installed manually, the application manages updates and versioning through calls to the `git` command. In the code, this is performed through the `runGit` function in `versioncheck.py`. Since `shell=True` is passed to `subproces.Popen`, this call is vulnerable to subject to command injection, as shell characters within arguments will be passed to the underlying shell. A concrete location where this can be triggered is in the `checkout_git_branch` endpoint. This endpoint stores a user-supplied remote and branch name into the `GIT_REMOTE` and `GIT_BRANCH` configuration keys without sanitization. Downstream, these keys are then fetched and passed directly into `runGit` using a format string. Hence, code execution can be obtained by using `$()` interpolation in a command. Version 2.16.0 contains a fix for the issue.

Action-Not Available
Vendor-tautulliTautulli
Product-tautulliTautulli
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-29841
Matching Score-4
Assigner-Western Digital
ShareView Details
Matching Score-4
Assigner-Western Digital
CVSS Score-8||HIGH
EPSS-0.38% / 59.14%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 21:04
Updated-24 Jan, 2025 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection vulnerability in Western Digital My Cloud devices

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggered by an attacker remotely to cause code execution and gain a reverse shell in Western Digital My Cloud OS 5 devices.This issue affects My Cloud OS 5: before 5.26.119.

Action-Not Available
Vendor-Western Digital Corp.
Product-my_cloud_dl2100wd_cloudmy_cloudmy_cloud_ex4100my_cloud_ex2_ultramy_cloud_mirror_g2my_cloud_pr2100my_cloud_osmy_cloud_dl4100my_cloud_ex2100my_cloud_pr4100My Cloud OS 5
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-10622
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8||HIGH
EPSS-0.11% / 29.92%
||
7 Day CHG~0.00%
Published-05 Nov, 2025 | 07:32
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foreman: os command injection via ct_location and fcct_location parameters

A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting.

Action-Not Available
Vendor-The ForemanRed Hat, Inc.
Product-Red Hat Satellite 6Red Hat Satellite 6.16 for RHEL 8Red Hat Satellite 6.17 for RHEL 9Red Hat Satellite 6.15 for RHEL 8Red Hat Satellite 6.18 for RHEL 9ForemanRed Hat Satellite 6.16 for RHEL 9
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Details not found